CVE-2001-0500

CVE Database · CVE-2001-0500

CVE-2001-0500

· N/AModified

CVSS v3.1

N/A

EPSS

96.73%

Published

Jul 21, 2001

Modified

Apr 15, 2026

Public PoC / Exploit (6)

All weaponized →

Exploit-DBMicrosoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)Exploit-DBMicrosoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)Exploit-DBMicrosoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)Exploit-DBMicrosoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)Exploit-DBMicrosoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Affected Products (3)

microsoft · index_servervulnerable

microsoft · indexing_servicevulnerable

microsoft · internet_information_servervulnerable

References (14)

http://www.cert.org/advisories/CA-2001-13.html

ExploitPatchThird Party Advisory

http://www.ciac.org/ciac/bulletins/l-098.shtml

http://www.iss.net/security_center/static/6705.php

http://www.securityfocus.com/archive/1/191873

http://www.securityfocus.com/bid/2880

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197

http://www.cert.org/advisories/CA-2001-13.html

ExploitPatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs